This episode features Geoffrey Mattson, CEO of SecureAuth, joined by co-host Sarah Cicchetti, Director of Product Management at Semperis.
Geoffrey has spent decades building and leading companies at the intersection of AI and cybersecurity, including MistNet.ai, an AI-native threat detection platform acquired by LogRhythm, and Xage Security, where he drove zero trust adoption across the U.S. military, global energy firms, and Fortune 500 enterprises. At SecureAuth, he leads a platform built around continuous, real-time identity authority across workforces, APIs, and AI agents.
In this episode, Geoffrey argues that agents combine the speed of automation with the unpredictability of humans, making real-time per-action authorization the only viable control model. He discusses why “friendly fire” from well-meaning employees is the biggest threat vector right now, how MCP vendors are ignoring their own OAuth spec, and what a practical agent rollout with real guardrails actually looks like.
This episode reframes authorization as the problem the identity industry has been deferring for years and can no longer avoid.
Guest Bio
Geoffrey Mattson is a serial entrepreneur and globally recognized cybersecurity and AI executive with decades of experience building market-defining companies and technologies that protect the world's most critical systems.
He is currently CEO of SecureAuth, a leader in AI-driven identity and access management with its Continuous Authority, ensuring ongoing verification across workforces, customers, APIs, and AI agents. This is enabled through its Private Authority Platform, which puts authentication and authorization under your control through any deployment model (cloud, on prem, hybrid, air-gapped).
Prior to SecureAuth, Mattson served as CEO of Xage Security, where he led the company in Zero Trust for critical environments from energy to agentic AI. Under his leadership, Xage achieved rapid adoption across the U.S. military, global energy firms, and Fortune 500 enterprises.
Previously, Geoffrey Mattson was co-founder and CEO of MistNet.ai, an AI-native threat detection platform acquired by LogRhythm. He pioneered decentralized analytics and machine learning approaches for real-time cyber defense, and later served as SVP of Product at LogRhythm, driving global expansion and shaping the next generation of SIEM/SOAR solutions.
Earlier, he held senior executive roles at Juniper Networks, overseeing a $2B product portfolio and leading major M&A efforts, and at Huawei Technologies as SVP and CTO for networking and data center platforms. His engineering leadership at Corona Networks, Caspian, and Bay Networks helped build foundational technologies in network and security architecture.
Guest Quote
“With agents, you have the power and the speed of an automated process with the unpredictability of a human. And in fact, we are seeing their behavior and their psychology makes them even perhaps less predictable than a human.”
Time stamps
01:45 Meet Geoffrey Mattson: Serial Entrepreneur and Cybersecurity Executive
02:40 Why Identity Is Having a Moment
08:40 Defining Agent Identity
12:15 Behavioral Guardrails for Agents
14:37 Agent Identity Lifecycle
17:36 Just-in-Time vs. Standing Privilege
18:02 C-Suite Pressure and Friendly Fires
21:00 When Agents Live Off the Land
26:12 MCP, OAuth, and Token Pitfalls
28:04 Threat Models and Rollout Strategy
30:13 LLMs and Policy Authoring
31:23 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Connect with Geoffrey on LinkedIn
Connect with Sarah on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Recorded live at PSConfEU 2026, Andrew sits down with returning guest Miriam Wiesner, Senior Security Researcher at Microsoft, for a wide-ranging conversation on PowerShell security, cookie-based attacks, and the evolving threat landscape. Miriam walks through her two conference talks — one on Microsoft Teams session cookie hijacking (a follow-up to her 2025 Entra ID cookie talk, complete with Cookie Monster branding and actual handcuffs), and a joint session with Stéphane van Gulick on using Microsoft Defender's Live Response feature for incident investigation. The conversation also covers the current state of PowerShell security, why sophisticated attackers are moving away from PowerShell, and why defenders who haven't enabled script block logging and AMSI are leaving easy wins on the table. On top of the technical deep dive, Miriam and Andrew get into the human side of the conference community — nerves before presenting, imposter syndrome, and why showing up is already half the battle.
Key Takeaways:
Cookie-based identity attacks are an active and growing threat. Microsoft Teams, SharePoint, and OneDrive share session cookies, meaning a single cookie theft can give an attacker broad access across your organization's collaboration tools — no re-authentication required.
Sophisticated threat actors are moving away from PowerShell specifically because its security features work. Script block logging, AMSI, and Constrained Language Mode make PowerShell activity highly visible and detectable. If your org hasn't enabled these, you're handing attackers an easy path.
Visibility beats prevention. You can't prevent what you can't see. Detection through proper logging is not a consolation prize — it's a core security strategy, and Microsoft Defender's Live Response feature gives teams a powerful way to investigate isolated endpoints without needing RDP or PowerShell remoting enabled.
Guest Bio:
Miriam Wiesner is a Senior Security Research Program Manager at Microsoft with over 15 years of experience in IT security, penetration testing, and security automation. She works on research behind Microsoft Defender and Sentinel and is the creator of widely used open source PowerShell security tools EventList and JEAnalyzer. Miriam is a sought-after speaker at major security and PowerShell conferences including Black Hat, PSConfEU, and MITRE ATT&CK Workshops. She's also the author of "PowerShell Automation and Scripting for Cybersecurity," published by Packt. Her conference speaker career started at PSConfEU 2018 and she's been a fixture of the community ever since.
Resource Links
Miriam's 2025 Cookies talk - https://www.youtube.com/watch?v=8xDcq0pPNPs
Book – PowerShell Automation and Scripting for Cybersecurity (Packt): https://www.amazon.com/PowerShell-Automation-Scripting-Cybersecurity-Hacking/dp/1800566379
Miriam on LinkedIn: https://www.linkedin.com/in/miriamwiesner
Miriam on X/Twitter: https://x.com/MiriamXyra
Miriam's GitHub (EventList, JEAnalyzer, and more): https://github.com/miriamxyra
Miriam's Website: https://miriamxyra.com
Connect with Andrew: https://andrewpla.tech/links
The PowerShell Podcast on YouTube: https://youtu.be/zxJOqcEwgWE
(Disclaimer: created with ChatGPT) Hello, dear community,
Frank Lesniak joins Andrew Pla for a wide-ranging conversation that covers Frank's newly minted Microsoft MVP status, his journey through PowerShell, and what it looks like to build a real presence in the tech community. Frank talks through the pipeline struggles that tripped him up early on, how his VBScript and object-oriented background made the shift to PowerShell's object model feel disorienting, and how AI has quietly changed the way he approaches scripting today. The conversation takes a thoughtful turn as Andrew and Frank dig into impostor syndrome, the value of conference speaking, and how showing up consistently in the community compounds into a career. Frank also shares an update on DuPage Animal Friends, the nonprofit he serves, which supports one of the country's highest-performing open-admission animal shelters.
Key Takeaways:
The PowerShell pipeline is one of the most commonly cited stumbling blocks for newcomers, especially those coming from text-based scripting backgrounds. Learning to visualize what your objects look like at each stage of the pipeline, using tools like Get-Member, is a skill that pays dividends long term.
Showing up at conferences and user groups, even when you feel underprepared, is how you build the reps that eventually make it feel natural. Frank's consulting background gave him a head start on presentation skills, and he's clear that no one is born polished.
Community involvement and career growth are more connected than they might look from the outside. Engaging with people on GitHub, at events, and through open source creates a feedback loop that builds confidence and opens doors.
Guest Bio:
Frank Lesniak returns to The PowerShell Podcast, this time as a Microsoft MVP (Microsoft Azure, PowerShell). Frank is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where PowerShell runs through client work on corporate M&A: carve-outs, tenant-to-tenant migrations, identity consolidation, endpoint moves, and security posture improvement across Microsoft 365, Azure, Entra ID, Active Directory, Intune, Defender, and Windows. Beyond consulting, Frank speaks at technical conferences, mentors first-time speakers, and publishes open-source PowerShell standards and tooling, including PSStyleGuide, GloryRole, and PSConnMon. His public work threads least-privilege identity, cloud role mining, cross-platform observability, and high-quality AI-assisted development through standards, automated tests, and automated code quality reviews.
Connect with Frank: https://linktr.ee/franklesniak
Connect with Andrew: https://andrewpla.tech/links
PSConnMon - PowerShell Network Monitoring - https://github.com/franklesniak/PSConnMon/
GloryRole - Automating Least-Privilege Azure and Entra ID Directory Roles - https://gloryrole.com
PowerShell Style Guide - https://github.com/franklesniak/PSStyleGuide
PowerShell Style Guide + Coding Agents Lightning Talk - https://github.com/devops-collective-inc/pshsummit26/tree/main/PowerShellStyleGuideForCodingAgentsAndHumans-Lesniak
Coding Agent Accelerator Template Repo (Coming Soon!) - https://github.com/franklesniak/copilot-repo-template
ProStateKit - the DSC v3-Intune Starter Kit - https://github.com/franklesniak/ProStateKit
ProStateKit Promotional Commercial - https://www.youtube.com/watch?v=cA5vMH522F0
macOSLab - Automating Legit macOS VMs - https://github.com/franklesniak/macOSLab
DuPage Animal Friends - https://www.dupageanimalfriends.org/
PDQ Discord: https://discord.gg/pdq
The PowerShell Podcast: https://www.pdq.com/resources/the-powershell-podcast/
Previous episodes with Frank Lesniak: https://powershellpodcast.podbean.com/?s=Frank+Lesniak
The PowerShell Podcast on YouTube: https://youtu.be/Eg-uEGaurmY
Episode References
BTMOB: A stealthy RAT burrowing deep into Android devices
Detecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace
Microsoft SharePoint Has a New RCE Flaw. If You Haven't Patched Yet, Go Do That.
CVE-2026-45659 - Microsoft SharePoint Remote Code Execution Vulnerability
Fake software on GitHub and SourceForge distribute Deno RAT
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
This episode features Mark Diodati, Managing Vice President for Identity and Access Management at Gartner.
Mark has spent two decades shaping how the industry thinks about authentication, privileged access, and cloud identity, working with renowned companies like Ping Identity, CA, RSA, and now, Gartner. Today, he leads Gartner's global IAM for Leaders analyst team and sets its research agenda across the full identity stack.
In this episode, Mark explains how Gartner's research model works and what his team is prioritizing across identity verification, authorization, ITDR, and decentralized identity. He also breaks down what AI means for identity right now and why securing AI agents is harder than most teams realize.
This episode is a deep dive into where identity is heading from someone whose job is to listen to everyone.
Guest Bio
Mark Diodati is the Managing Vice President for Identity & Access Management at Gartner.
Mark is a longtime identity pioneer who helped shape the way the industry thinks about authentication, privileged access management, and cloud identity. He leads a large team of analysts, sets the global IAM research agenda, and rigorously reviews every document to keep the bar high. Before that, he guided Gartner's IAM research for technical professionals, chaired major industry conferences like Catalyst Europe and the Cloud Identity Summit, and drove triple-digit growth in attendance and sponsorships. Earlier in his career, he held key leadership roles at CA, RSA, and Ping Identity, influencing product strategy and partnerships that many identity practitioners rely on today.
Guest Quote
“One thing we're critically aware of at Gartner is that nobody knows everything. It's impossible.”
Time stamps
(02:11) Meet Mark Diodati: Identity Analyst and IAM Research Leader
(06:00) Inside Gartner: Research, Conferences, and Consulting
(09:18) Hiring and Training the Gartner Analyst
(15:26) How the Inquiry Process Works
(24:07) Gartner Research Products for Identity Professionals
(28:02) IAM Research Priorities Right Now
(32:31) AI and Identity: Opportunity and Risk
(39:35) A Musical Moment with Mark
(44:26) Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Connect with Mark on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Welcome to Episode 428 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben and Scott unlock the secrets to modernizing your IT management by ditching pesky on-prem GPOs and embracing the future with Intune. They discuss how savvy IT pros are migrating thousands of GPOs into clean, manageable cloud policies. Dive into real-world workflows: from exporting and analyzing legacy GPOs with AI tools, to recreating policies in Entra ID, and finally decommissioning AD. You'll discover how to think through the migration, avoid common pitfalls like leftover legacy configs, and implement a phased migration that minimizes disruption.
Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.
Show Notes
DiskPrices.com
These HDD prices are getting crazy. An increase of 96.4% in 1 month for the same 26TB drive. $279.99 a month ago to $549.99 today.
Where are we buying hard drives now?
Import and analyze your on-premises GPOs using Group Policy analytics in Microsoft Intune
Microsoft Copilot in Intune
Policy CSP
Use the Intune settings catalog to configure settings
Use the Intune properties catalog to get device hardware properties
Create a Settings Catalog policy using your imported GPOs in Microsoft Intune
Sponsors
ShareGate is your migration and governance solution for Microsoft 365. ShareGate helps your teams simplify tenant migrations, get Copilot-ready, and take control of Microsoft 365 governance.
Nasuni is a leading unstructured data platform for enterprises where file data is mission-critical for both people and AI. Nasuni powers the operational file layer where work happens — helping organizations manage, protect, and activate data so teams can work smarter, reduce costs, and operate securely without limits.
TrustedTech Team is a leading Microsoft Cloud Solution Provider (CSP) specializing in Microsoft Cloud services, Microsoft perpetual licensing, and Microsoft Support Services for medium and enterprise-sized businesses. Their robust team of in-house, U.S.-based Microsoft architects and engineers are certified in all 6/6 Microsoft Solutions Partner Designations in the Microsoft Cloud Partner Program.
M365 Licensing Consultation
M365 Tenant Assessment
Copilot Readiness Assessment
Intelligink — Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
Because… it's episode 0x2FC!
Shameless plug
June 3 to 5, 2026 - SSTIC 2026
June 24 and 25, 2026 - Troopers
June 26 and 27, 2026 - leHACK
September 19, 2026 - Bsides Montréal
December 1 to 3, 2026 - Forum INCYBER - Canada 2026
February 24 and 25, 2027 - SéQCure 2027
Description
In this special episode of Polysécure devoted to Cybereco, Charles F. Hamilton presents his annual analysis of the state of the cyber threat in 2026. As he does every year, he works to separate vendors' marketing talk from the reality observed in the field, drawing on his daily experience in offensive penetration testing.
Azure and Entra ID: flaws by default
A large part of the discussion concerns the Microsoft Azure and Entra ID (formerly Azure Active Directory) environment. Charles highlights a fundamental problem: many companies assume that "if it's Microsoft, it's secure," which creates a dangerous abdication of responsibility. In reality, Azure's default configuration offers very little visibility: essential logs and security information are locked behind a paywall, making validation nearly impossible without an offensive tester.
A striking example illustrates this problem: when a company configures a conditional access policy requiring MFA for all applications but adds a single exception (for example, for an automation account), Microsoft silently added Microsoft Graph and Azure Active Directory to the exceptions. Yet Microsoft Graph is the entry point to practically all cloud services. An attacker with a username and password could therefore authenticate through Microsoft Graph without any MFA. Although Microsoft recently corrected this behavior, any exception created before the fix remains active. Charles still finds them daily, which poses a major problem, notably for insurers, whose compliance questionnaires do not detect these flaws.
The gap between offensive and defensive security
Charles argues that offensive security has a considerable head start on defensive security. Defensive security products often block threats that date from several years ago, not today's. He takes the example of device code phishing, a technique he has used for about ten years and that malicious attackers are only beginning to discover in 2026. Companies that invested in offensive testing five or six years ago are already protected; the others are panicking today.
He stresses the value of the Red Team: unlike an automated scan that produces thousands of vulnerabilities all marked "critical," a Red Team tells a story, identifying the path an attacker would take to reach what truly has value for the company. Charles also mentions the EPSS score (Exploit Prediction Scoring System), still too little known, which makes it possible to prioritize vulnerabilities by their real probability of exploitation rather than their theoretical severity.
Infostealers and ClickFix: everyday threats
The conversation then turns to infostealers, malware that collects passwords stored in browsers. Their effectiveness comes from their discretion: they do not touch the processes monitored by EDR/XDR and are therefore very rarely detected. Worse, they often spread through free installers for popular games such as Roblox or Minecraft, targeting children. When a parent lends a work computer to their child, corporate credentials end up compromised. Charles reports staggering figures: one of his contacts in the field holds logs from 600 million unique machines infected by infostealers.
As for ClickFix attacks, Charles says he is fascinated that they work, because they ask the user to carry out a series of complex steps, such as copying PowerShell into a command prompt. But the average user simply does not understand what they are doing: file extensions, commands, none of it means anything to them. The success of phishing rests solely on user experience: the simpler it is, the better it works.
Supply chain and extreme cases
Charles shares memorable stories from his career. He tested the security of aircraft whose pilot interfaces ran on Flash and embedded Windows. Although the aircraft is physically disconnected from the internet, the laptop used for updates did go online, opening the door to supply chain attacks. He also recounts the case of ATMs whose management system accepted unsigned updates, allowing malicious code to be injected. More recently, he worked on cases of infiltration by North Korean employees posing as developers. Surprisingly, these individuals were good engineers and were always unmasked by human anomalies (location inconsistencies), never by their code.
AI, vibe coding and exposed secrets
The rise of AI-assisted vibe coding worsens an existing problem: developers who do not understand what they produce. Charles found more than 124,000 results on GitHub for "remove client secret": commits in which developers remove Azure secrets (tenant ID, application ID, client secret) without ever revoking them. Many of these commits bear the characteristic marks of AI-generated code, with emojis in the comments.
The paradox of the cyber industry
In conclusion, Charles raises a central paradox: we have never had so many security products, solutions and technologies to prevent breaches, and yet we have never had so many breaches. Companies are choking on costly subscriptions and marketing promises but neglect basic hygiene: network segmentation, patch management, system inventory. The industry also suffers from a lack of real consequences for negligent companies, which pushes many of them to do the bare minimum. The real work remains to be done, and it starts with the fundamentals.
Contributors
Nicolas-Loïc Fortin
Charles F. Hamilton
Credits
Editing by Intrasecure inc
Physical premises by Intrasecure inc
This episode features Angie Klein, IAM Business Technology Manager at Federated Insurance.
Angie brings over a decade of experience spanning systems development and identity security leadership, holding CISSP, CIDPRO, and CISM certifications and working hands-on with CyberArk, SailPoint IDN, and Active Directory in a regulated environment.
In this episode, Angie dives into the organizational and cultural work that most identity programs skip. She shares why identity deserves its own program, how to apply OCM to bring resistant stakeholders on board, and why governance must come first. Angie's core argument is that if identity security creates too much friction, people will route around it, and that's where the real risk lives.
This episode makes the case that the hardest part of identity security isn't the technology, it's getting people to trust it enough to stop working around it.
Guest Bio
As the IAM Business Technology Manager at Federated Insurance, Angie is dedicated to advancing our Identity and Access Management program and the industry as a whole. With over 10 years of experience and currently leading a team of Security Engineers and Identity and Access Analysts, Angie is passionate about IAM and loves to see "ah ha" moments when colleagues understand that security is everyone's job.
Angie brings over a decade of experience as a Systems Developer, providing extensive technical expertise in the Identity Security domain. She holds certifications including CISSP, CIDPRO, and CISM. Additionally, she has experience working in the insurance industry and is skilled in CyberArk, Active Directory, SailPoint IDN, Analytical Skills, Project Management, and Public Speaking.
Guest Quote
"Identity security is ultimately about trust. People have to trust that you are doing the things that will help them do their job securely and not stop them from doing their job."
Time stamps
01:45 Meet Angie Klein: Expert IAM Practitioner
01:22 Why Identity Needs Its Own Program
04:30 Why Identity Programs Stall
07:27 Organizational Change Management (OCM) Explained
12:51 OCM in Action
17:08 How to Gain Buy-In for an Identity Security Program
25:05 First Steps for Standing Up a Program
30:22 The Core Pillars of Identity Security
35:00 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Connect with Angie on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Today’s headline news for Canadian IT solution providers:
inforcer launches Copilot Manager: inforcer has released its new Copilot Manager feature, giving MSPs in-depth visibility into Microsoft 365 Copilot adoption and shadow AI usage across customer tenants. According to the company, as many as 80% of SMB employees are using unauthorized AI tools at work, and IBM research cited by inforcer suggests organizations with high shadow AI exposure average $670,000 more in breach costs. The tool builds on the company’s earlier Copilot Readiness Assessment and has already been trialed in beta by more than 200 MSPs globally.
SUSE launches Sovereign Partners Specialization: SUSE has announced a new Sovereign Partners Specialization at its SUSECON 2026 conference in Prague, designed for MSPs and channel partners operating in sovereign cloud environments. The specialization is structured as an agile layer on top of SUSE’s existing partner program, targeting partners who already hold sovereign field certifications and know the SUSE technology stack. For Canadian solution providers, the timing aligns with accelerating data sovereignty requirements under OSFI E-21 and Quebec’s Law 25.
Cayosoft launches Microsoft Migration Services: Cayosoft has launched a full-cycle Microsoft identity migration service delivered in partnership with XMS Solutions, covering Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, and Teams. According to the company, the offering addresses the security exposure that persists after migrations that close on schedule but leave behind broken permissions and unmanaged identity drift. The service spans pre-migration assessment through post-migration monitoring and governance.
Kaseya unveils Agentic IT Management Platform: Kaseya has announced what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence, combining real-world IT data with an execution layer designed to act autonomously on behalf of MSPs.
GuidePoint Security wins CrowdStrike Americas Partner of the Year: GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed $1 billion in cumulative joint sales, a milestone the company is positioning as validation of its managed security practice.
Dyna Software showcases Platform Copilot at Knowledge 2026: Dyna Software is demonstrating Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow environment configurations from natural language inputs and images, reducing prototyping time for implementation partners.
Kyndryl pushes AI deeper into IT operations: Kyndryl has announced updates expanding autonomous AI capabilities across its global IT operations practice, extending AI-assisted resolution workflows for its managed services engagements.
Upwind adds Windows Server runtime visibility: Upwind has launched runtime visibility support for Windows Server virtual machines running across AWS, Azure, and Google Cloud Platform, closing a cross-platform gap in its cloud-native security coverage.
Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 8, 2026, and here’s what’s happening in the channel today. Managing Microsoft 365 Copilot is becoming a genuine operational challenge for MSPs, and a company called inforcer is positioning itself as the answer with the launch of its new Copilot Manager feature.
The company, which makes Microsoft 365 multi-tenant management software for managed service providers, says Copilot Manager gives partners in-depth visibility into Copilot adoption trends across all client tenants, and – critically – the ability to monitor shadow AI usage. According to inforcer, as many as eighty percent of SMB employees are bringing their own AI tools to work, using unauthorized or open-source applications that increase the risk of data leakage. The company cites IBM research suggesting one in five organizations have experienced a breach due to shadow AI, with those carrying high shadow AI exposure averaging six hundred and seventy thousand dollars more in breach costs. The business case here is straightforward for solution providers. Copilot has crossed twenty million paid seats. The licensing is in motion. What most MSPs lack is the infrastructure to make Copilot governance a repeatable, billable service rather than a one-time check-in conversation. Copilot Manager has already been trialed in beta by more than two hundred MSPs globally, and the company says it builds directly on a Copilot Readiness Assessment tool released last year, giving partners a documented progression from pre-sales evaluation through ongoing managed AI services. SUSE has launched a new Sovereign Partners Specialization as part of its channel program, a move that carries meaningful implications for the Canadian market. The announcement came at the company’s annual SUSECON conference in Prague last month, with details emerging publicly this week. SUSE is positioning the specialization as an agile layer on top of its existing partner program, designed specifically for early-mover partners who already hold sovereign field certifications and are invested in the sovereign technology market. 
According to Hayley Wienszczak, SUSE’s head of global partner programs and success, the initial go-to-market will focus on existing SUSE MSPs who know the technology stack, working jointly to onboard the first reference customers onto a full SUSE sovereign stack. More than ninety-eight percent of SUSE’s business runs through partners, and the company is framing the sovereign play as an opportunity to lock in that partner ecosystem around an emerging but fast-growing requirement. For Canadian MSPs, the timing aligns with accelerating regulatory pressure around data sovereignty – OSFI’s E-21 guideline on technology and third-party risk, Quebec’s Law 25, and federal Protected B requirements are all pushing enterprise buyers toward environments where data residency is a verifiable, contractual commitment rather than a vendor promise. SUSE is also opening co-sell registration to ISVs and system integrators alongside MSPs as part of the same program update. Earlier this week, Cayosoft launched a full-cycle Microsoft identity migration service that it says is designed to address the ongoing risk that sits inside most Active Directory and Entra ID environments. The offering, called Cayosoft Microsoft Migration Services, is being delivered in partnership with XMS Solutions, a long-time provider of migration and cybersecurity services. According to the company, the service covers Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, Teams, and related identity infrastructure, and spans the complete lifecycle from pre-migration assessment through phased execution, data integrity validation, and post-migration monitoring, governance, and recovery. The launch targets a specific and frequently mismanaged problem: migrations that declare success on go-live day while leaving behind broken permissions, duplicated identities, and poorly governed access that creates security exposure for months afterward. 
Cayosoft is specifically calling out M&A, divestitures, and consolidation scenarios as high-risk contexts. For Microsoft-focused channel partners, the model Cayosoft is describing – migration as the front door into a longer-term identity management and recovery engagement – represents a services motion that can extend well beyond the initial project. Partners who have historically treated Active Directory migrations as one-time engagements may find this a useful framework for repackaging that work as an ongoing managed practice.

In Brief

Kaseya has unveiled what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence. GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed one billion dollars in cumulative joint sales. Dyna Software is showcasing its Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow configurations from natural language and images. Kyndryl has announced updates pushing AI deeper into its IT operations practice, expanding autonomous resolution capabilities across its global managed services engagements. Upwind has launched new runtime visibility support for Windows Server virtual machines across AWS, Azure, and Google Cloud Platform, addressing a gap in cross-platform endpoint coverage. Full details and links in the show notes or the blog post.

Later today on In The Channel, we continue our Knowledge 2026 series with Cristin Gooderham, area vice president of Canada enterprise sales at ServiceNow, on what the shift to agentic business looks like from a Canadian market perspective. And if you haven’t heard it yet, yesterday on In The Channel we published my conversation with Michael Park, ServiceNow’s global channel chief, on why the company put its AI product leader in charge of the channel – and what that means for how partners get built and compensated going forward.
That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
This episode features Sarah Cecchetti, Director of Product Management at Semperis.

A veteran identity executive, Sarah co-founded IDPro and co-authored NIST SP 800-63-3C Digital Identity Guidelines. She previously led Amazon Cognito as Head of Product at AWS, where she also open-sourced Cedar, the policy language at the center of this conversation.

In this episode, Sarah presents her BSides Seattle talk "Identity Crisis: IAM's Wild Ride in the AI Jungle" on why the assumptions that shaped modern identity have been overturned by the pace of agentic AI. She covers where authentication and authorization standards currently fall short for non-human identities and walks through the emerging frameworks the industry is building to fill that gap.

This episode makes the case that natural language safety instructions are not a substitute for provable, external guardrails.

Guest Bio

Sarah Cecchetti is a seasoned technology executive driving product management at Semperis. At AWS, she led Amazon Cognito to triple-digit growth as Head of Product and led the open-sourcing of Cedar, a new access management language. She co-founded IDPro and co-authored NIST SP 800-63-3C Digital Identity Guidelines. Sarah has designed secure identity systems for corporate clients as well as US and Canadian governments and is recognized as a top identity professional by Okta Ventures and OWI. She's a keynote speaker at global identity conferences like Identiverse and Authenticate.

Guest Quote

“[The] average enterprise has 250,000 non-human identities, and 97% of those have excessive privilege. And 68% of organizations lack AI identity controls...The concept of excessive privilege has almost been accepted by the industry at this point. That's just the way it's done.”

Time stamps

01:45 Meet Sarah Cecchetti: Seasoned Identity Executive
02:36 Sarah's BSides Seattle Talk: Identity Crisis: IAM's Wild Ride in the AI Jungle
04:19 How Deepfakes Broke Biometrics
06:37 The Scale of Non-Human Identities
09:34 How NHIs Differ from Human Identities
10:38 Why FIDO Doesn't Work for AI Agents
12:19 Introducing SPIFFE and Workload Identity
15:45 How SPIFFE Works in Practice
17:34 Where AI Protocols Are Falling Short
21:12 The Problem with OAuth Client Credentials
23:18 Dynamic Registration and Database Sprawl
24:38 Client ID Metadata Documents Explained
28:43 Authentication Standards: Who Wins the Client ID Field?
30:21 Cedar: Deterministic Authorization for AI Agents
33:58 Clawdrey Hepburn: Sarah's AI Agent in Practice
40:09 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

- OAuth Client ID Metadata Document
- Connect with Sarah on LinkedIn
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis
Episode References

- TEMPEST WEBINAR: Exposed surface, access granted: how forgotten assets form the perfect path for the attacker
- Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
- Agent ID Administrator scope overreach: Service Principal takeover in Entra ID
- CVE-2026-25874: Hugging Face LeRobot Unauthenticated RCE via Pickle Deserialization
- CVE-2026-42208: Targeted SQL injection against LiteLLM's authentication path discovered 36 hours following vulnerability disclosure
- Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
In the new episode of CloudInspires we welcome an old acquaintance: Klaus Bierschenk. Already a guest in one of our first episodes, he joins us this time to talk about one of the most central topics in modern IT security: identities in the cloud.

Together we explore why Microsoft Entra ID, as a cloud identity system, brings many protection mechanisms with it, yet a backup is still indispensable. Is soft deletion really enough? What needs to be backed up? And what role do users, groups, app registrations and Conditional Access policies play in an emergency?

- Klaus Bierschenk | LinkedIn
- Blog | NothingButCloud
- Microsoft Entra Backup and Recovery overview
- (10) Post | LinkedIn
- Protecting your Conditional Access Policies: Lean Backup Strategies for Entra ID | NothingButCloud

Conferences

- European AI and CloudSummit - European AI & Cloud Summit
- Sysadminday 2026 in Leipzig – The annual holiday for all system administrators!
This episode features a virtual roundtable hosted by Michele Crockett, Associate VP of Product Marketing at Semperis.

The panel brings together five practitioners with deep experience in identity security: Alex Weinert, Chief Product Officer at Semperis; Christopher Brumm, Cyber Security Architect at glueckkanja; Eric Woodruff, Chief Identity Architect at Semperis; Jorge de Almeida Pinto, Senior Incident Response Lead at Semperis; and Michael Van Horenbeeck, CEO and Senior Solution Architect at The Collective Consulting. Collectively, they represent experience across incident response, Microsoft product development, enterprise architecture, and security leadership.

In this discussion, the panel addresses how to allocate limited security budgets across prevention and recovery, why the same AD misconfigurations keep appearing in assessments year after year, and what AI means for defenders and attackers alike.

This episode is a practical, field-tested conversation about what moves the needle when resources are constrained.

Guest Quote

"80% of permissions that are out there are users that have access to systems they don't need. Going back to that Tier 0 system, a hundred percent of what's got access to Tier 0, you should know what it is, why it has access, why it needs it, [and] what's going on... Any apps that you can't prove what they're there for, turn them off. See who yells."

Time stamps

0:00 Meet the Panelists
00:00 AI in Cybersecurity
02:23 Budgeting for Identity Security
05:08 Field Lessons and AD Misconfigs
08:48 Prioritizing Prevention and Funding
12:59 Current Attacker Trends
14:56 Hybrid and Multi Cloud Risks
17:02 Entra Private Access POC
18:28 Lightning Round

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

- Connect with Alex on LinkedIn
- Connect with Chris on LinkedIn
- Connect with Eric on LinkedIn
- Connect with Michael on LinkedIn
- Connect with Jorge on LinkedIn
- Connect with Michele on LinkedIn
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis
Power Pages is having a surprisingly good run. In this episode we dig into server-side logic debugging, the new client-side API, and why both feel about 15 years late yet still genuinely useful. We also look at Omar Zaarour's business-rules tool, Danish Naglekar's cross-platform Power Platform Toolbox, and George's Entra ID auto-clicker for making one of the most annoying prompts quietly disappear.

References

- Power Pages Server Logic Debugging Guide | Microsoft Learn
- Code-only connectors
- Power Pages Client APIs Overview (preview) | Microsoft Learn
- Omar Zaarour's T365 Power Pages Business Rules
- Danish Naglikar's Power Platform ToolBox | Modern desktop companion - PPTB
- Entra ID Auto Confirm browser extension

Get in touch

- voice@crm.audio
- Nick Hayduk @Engineered_Code
- George Doubinski @georgedude
This episode with Joachim Hill-Grannec asks: How do platforms bloat, and how do you keep them simple and fast with trunk-based dev and small batches? Which metrics prove it works—cycle time, uptime, or developer experience? Can security act as a partner that speeds delivery instead of a gate?

We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.

- DevSecOps Talks podcast LinkedIn page
- DevSecOps Talks podcast website
- DevSecOps Talks podcast YouTube channel

Summary

In this episode of DevSecOps Talks, Mattias speaks with Joachim Hill-Grannec, co-founder of Peltek, a boutique consulting firm specializing in high-availability, cloud-native infrastructure. Following up on a previous episode where Steve discussed cleaning up bloated platforms, Mattias and Joachim dig into why platforms get bloated in the first place and how platform teams should think when building from scratch. Their conversation spans cloud provider preferences, the primacy of cycle time, the danger of adding process in response to failure, and a strong argument for treating security and quality as enablers rather than gatekeepers.

Key Topics

Platform Teams Should Serve Delivery Teams

Joachim frames the core question of platform engineering around who the platform is actually for. His answer is clear: the delivery teams are the client. Platform engineers should focus on making it easier for developers to ship products, not on making their own work more convenient.

He connects this directly to platform bloat. In his experience, many platforms grow uncontrollably because platform engineers keep adding tools that help the platform team itself: "Look, I spent this week to make my job this much faster."
But Joachim pushes back on this instinct — the platform team is an amplifier for the organization, and every addition should be evaluated by whether it helps a product get to production faster and gives developers better visibility into what they are working on.

Choosing a Cloud Provider: Preferences vs. Reality

The conversation briefly explores cloud provider choices. Joachim says GCP is his personal favorite from a developer perspective because of cleaner APIs and faster response times, though he acknowledges Google's tendency to discontinue services unexpectedly. He describes AWS as the market workhorse — mature, solid, and widely adopted, comparing it to "the Java of the land." Azure gets the coldest reception; both acknowledge it has improved over time, but Joachim says he still struggles whenever he is forced to use it.

They observe that cloud choices are frequently made outside engineering. Finance teams, investors, and existing enterprise agreements often drive the decision more than technical fit. Joachim notes a common pairing: organizations using Google Workspace for productivity but AWS for cloud infrastructure, partly because the Entra ID (formerly Azure AD) integration with AWS Identity Center works more smoothly via SCIM than the equivalent Google Workspace setup, which requires a Lambda function to sync groups.

Measuring Platform Success: Cycle Time Above All

When Mattias asks how a team can tell whether a platform is actually successful, Joachim separates subjective and objective measures. On the subjective side, he points to developer happiness and developer experience (DX). Feedback from delivery teams matters, even if surveys are imperfect. On the objective side, his favorite metric is cycle time — specifically, the time from when code is ready to when it reaches production. He also mentions uptime and availability, but keeps returning to cycle time as the clearest indicator that a platform is helping teams deliver faster.
This aligns with DORA research, which has consistently shown that deployment frequency and lead time for changes are strong predictors of overall software delivery performance.

Start With a Highway to Production

A major theme of the episode is that platforms should begin with the shortest possible route to production. Mattias calls this a "highway to production," and Joachim strongly agrees. For greenfield projects, Joachim favors extremely fast delivery at first — commit goes to production, commit goes to production — even with minimal process. As usage and risk increase, teams can gradually add automation, testing, and safeguards. The critical thing is to keep the flow and then ask "how do we make those steps faster?" as you add them, rather than letting each new step slow down the pipeline unchallenged.

He also makes a strong case for tags and promotions over branch-based deployment, noting his instinctive reaction when someone asks "which branch are we deploying from?" is: "No branches — tags and promotions."

The Trap of Slowing Down After Failure

Joachim warns about a common and dangerous pattern: when a bug reaches production, the natural organizational reaction is not to fix the pipeline, but to add gates. A QA team does a full pass, a security audit is inserted, a manual review step appears. Each gate slows delivery, which leads to larger batches, which increases risk, which triggers even more controls.

He sees this as a vicious cycle. Organizations that respond to incidents by slowing delivery actually get worse security, worse quality, and worse throughput over time. He references a study — likely the research behind the book Accelerate by Nicole Forsgren, Jez Humble, and Gene Kim — showing that faster delivery correlates with better security and quality outcomes.
The organizations adding Engineering Review Boards (ERBs) and Architecture Review Boards (ARBs) in the name of safety often do not measure the actual impact, so they never see that the controls are making things worse.

Mattias connects this to AI-assisted development, where developers can now produce changes faster than ever. If the pipeline cannot keep up, the pile of unreleased changes grows, making each release riskier.

Getting Buy-In: Start With Small Experiments

Joachim does not recommend that a slow, process-heavy organization throw everything out overnight. Instead, he suggests starting with small experiments. Code promotions are a good entry point: teams can start producing artifacts more rapidly without changing how those artifacts are deployed. Once that works, the conversation shifts to delivering those artifacts faster. He finds starting on the artifact pipeline side produces quicker wins and more organizational buy-in than starting with the platform deployment side, which tends to be more intertwined and higher-risk to change.

Guiding Principles Over a Rigid Golden Path

Mattias questions the idea of a single "golden path," saying the term implies one rigid way of working. Joachim leans toward guiding principles instead.

His strongest principle is simplicity — specifically, simplicity to understand, not necessarily simplicity to create. He references Rich Hickey's influential talk Simple Made Easy (from Strange Loop 2011), which distinguishes between things that are simple (not intertwined) and things that are easy (familiar or close at hand). Creating simple systems is hard work, but the payoff is systems that are easy to reason about, easy to change, and easy to secure.

His second guiding principle is replaceability. When evaluating any tool in the platform, he asks: "How hard would it be to yank this out and replace it?" If swapping a component would be extremely difficult, that is a smell — it means the system has become too intertwined.
Even with a tool as established as Argo CD, his team thinks about what it would look like to switch it out.

Tooling Choices and Platform Foundations

Joachim outlines the patterns his team typically uses when building platforms, organized into two paths:

Delivery pipeline (artifact creation):
- Trunk-based development over GitFlow
- Release tags and promotions rather than branch-based deployment
- Containerization early in the pipeline
- Release Please for automated release management and changelogs
- Renovate for dependency updates (used for production environment promotions from Helm charts and container images)

Platform side (environment management):
- Kubernetes-heavy, typically EKS on AWS
- Karpenter for node scaling
- AWS Load Balancer Controller only as a backing service for a separate ingress controller (not using ALB Ingress directly, due to its rough edges)
- Argo CD for GitOps synchronization and deployment
- Argo Image Updater for lower environments to pull latest images automatically
- Helm for packaging, despite its learning curve

He notes that NGINX Ingress Controller has been deprecated, so teams need to evaluate alternatives for their ingress layer.

Developers Should Not Be Fully Shielded From Operations

One of the more nuanced parts of the conversation is how much operational responsibility developers should have. Joachim rejects both extremes. He does not think every developer needs to know everything about infrastructure, but he has seen too many cases where developers completely isolated from runtime concerns make poor decisions — missing simple code changes that would make a system dramatically easier to deploy and operate.

He advocates for transparency and collaboration. Platform repos should be open for anyone on the dev team to submit pull requests. When the platform team makes a change, they should pull in developers to work alongside them. This way, the delivery team gradually builds a deeper understanding of how the whole system works.
Joachim loves the open-source maintainer model applied inside organizations: platform teams are maintainers of their areas, but anyone in the organization should be able to introduce change. He warns against building custom CLIs or heavy abstractions that create dependencies — if a developer wants to do something the CLI does not support, the platform team becomes a bottleneck.

Mattias adds that opening up the platform to contributions also exposes assumptions. What feels easy to the person who built it may not be easy at all; it is just familiar. Outside contributors reveal where the system is actually hard to understand.

Designers, Not Artists: Detaching Ego From Code

Joachim shares an analogy he prefers over the common "developers as artists" framing. He sees developers more like designers than artists, because an artist's work is tied to their identity — they want it to endure. A designer, by contrast, creates something to serve a purpose and expects it to be replaced when something better comes along.

He applies this to platforms and infrastructure: "I want my thing to get wiped out. If I build something, I want it to get removed eventually and have something better replace it." Organizations where ego is tied to specific systems or tools tend to resist change, which leads to the kind of dysfunction that keeps platforms bloated and brittle.

Complexity Is the Enemy of Security

Mattias raises the difficulty of maintaining complex security setups over time, especially when the original experts leave. Joachim responds firmly: complexity is anti-security. If people cannot comprehend a system, they cannot secure it well. He acknowledges that some problems are genuinely hard, but argues that much of the complexity engineers create is unnecessary — driven by ego rather than need. "The really smart people are the ones that create simple things," he says, wishing the industry would redirect its narrative from admiring complicated systems to admiring simple ones.
Security and QA as Internal Consulting, Not Gatekeeping

Joachim draws a parallel between security and QA. He dislikes calling a team "the quality team," preferring "verification" — they are one component of quality, not the entirety of it. Similarly, security is not one team's responsibility; it spans product design, development practices, tooling, and operations.

His ideal model is for security and QA teams to operate as internal consultants whose goal is to reduce risk and improve the overall system — not to catch every possible issue at any cost. The framing matters: if a security team's mandate is simply "block all security issues," the logical conclusion is to stop shipping or delete the product entirely. That may be technically secure, but it is useless.

He frames security as risk management: "Security is a risk management process, not just security for the sake of security. You're managing the risk to the business." The goal should be to deliver faster and more securely — an "and," not an "or."

Mattias recalls a PCI DSS consultant joking over drinks that a system being down is perfectly compliant — no one can steal card numbers if the system is unavailable. The joke lands because it exposes exactly the broken incentive Joachim describes.

Business Value as the Unifying Frame

The episode closes by tying everything back to business outcomes. Joachim argues that speed and security are not opposites; both contribute to business value. Fast delivery creates value directly, while security reduces business risk — and risk management is itself a business operation.

He explains why focusing on the highest-impact business bottleneck first builds trust. When you hit the big items first, you earn credibility, and subsequent changes become easier to justify. For example, one of his clients has a security group that is the slowest part of their organization.
Speeding up that security process would have a massive impact on business delivery — more than optimizing the artifact pipeline.

Mattias reflects that he used to see platform work as separate from business concerns — "I don't care about the business, I'm here to build a platform for developers." Looking back, he would reframe that: using business impact as the measure of platform success does not mean abandoning the focus on developers, it means having a clearer way to prioritize and demonstrate value.

Highlights

- Joachim on platform bloat: "Your job is not to make your job faster and easier — you're an amplifier to the organization."
- Joachim on his favorite metric: "Cycle time is my favorite metric. I love cycle time metrics."
- Joachim on deployment strategy: "No branches, no branches — tags and promotions."
- Mattias on platform design: He calls the ideal early setup a "highway to production."
- Joachim on simplicity vs. ease: He references Rich Hickey's Simple Made Easy talk — "It's very hard to create simple systems that are easy to reason about. And it's very easy to create systems that are very hard to reason about."
- Joachim on replaceability: "If swapping a tool out would be extremely hard, that's a pretty big smell."
- Joachim on complexity and security: "If it's complicated, you just can't keep all the context together. Simple systems are much easier to be secure."
- Joachim on engineering ego: "I don't particularly like the aspect of [developers as] artists... I want my thing to get wiped out. I want it to get removed eventually and have something better replace it." He prefers the analogy of designers over artists, because artists tie their identity to their creations.
- Joachim on security as a blocker: "If their goal is we are going to block every security issue, the best way to do that is delete your product."
- Spicy cloud takes: Joachim calls GCP his favorite cloud for developers, compares AWS to "the Java of the land," and says he still struggles every time he is forced to use Azure.
- PCI DSS dark humor: Mattias recalls a consultant joking that a downed system is perfectly compliant — you cannot steal card numbers from a system that is not running.
- Joachim on the slow-down trap: Organizations add ERBs, ARBs, and manual security gates after incidents, but "the faster you can deliver, you actually get better security, better quality, and better throughput — and the more you slow it down, you go the opposite."

Resources

- Simple Made Easy by Rich Hickey (InfoQ) — The influential 2011 talk Joachim references on distinguishing simplicity from ease in system design.
- DORA Metrics: The Four Keys — The research framework behind cycle time, deployment frequency, and the finding that speed and stability are not tradeoffs.
- Trunk Based Development — A comprehensive guide to the branching strategy Joachim recommends over GitFlow.
- Argo CD — Declarative GitOps for Kubernetes — The GitOps tool Joachim's team uses for cluster synchronization and deployment.
- Release Please (GitHub) — Google's tool for automated release management based on conventional commits, used by Joachim's team for tag-based promotions.
- Karpenter — Kubernetes Node Autoscaler — The node autoscaler Joachim's team uses with EKS for fast, flexible scaling.
- Renovate — Automated Dependency Updates — The dependency management bot Joachim uses for both build dependencies and production environment promotions.
This episode features Sander Berkouwer and Raymond Comvalius, two longtime identity security experts and Microsoft Most Valuable Professionals (MVPs).

Sander is an independent identity architect and author of the Active Directory Cookbooks. Raymond is an IT specialist and senior technical consultant specializing in hybrid identity, Microsoft Entra ID, and identity lifecycle automation.

In this episode, they explore a growing blind spot in cloud security: application governance. As organizations adopt more cloud apps and integrations, identity platforms like Microsoft Entra ID often accumulate hundreds of application registrations with little oversight.

They explain why governance so often falls behind adoption, share practical steps organizations can take to regain control, and discuss the next frontier of identity.

Guest Bios

Sander Berkouwer, DirTeam

Sander Berkouwer works as an independent identity architect in the Netherlands, where he helps organizations make the most out of Microsoft products, services, strategies, and technologies. Sander blogs on DirTeam.com. He regularly gets invited as speaker for his enthusiastic approach, his in-depth real-world knowledge and as the author of the much-appraised Active Directory Cookbooks. Sander has been awarded the Microsoft Most Valuable Professional (MVP) award (for the last 17 years), Veeam Vanguard award (for the last 8 years) and VMware vExpert (for 3 years).

Raymond Comvalius

Raymond Comvalius is an IT specialist and senior technical consultant with more than two decades of experience delivering enterprise infrastructure, identity, and security improvements. His work centers on hybrid identity and Microsoft ecosystems, including Microsoft Entra ID, Conditional Access, and identity lifecycle automation with Microsoft Graph and scripting. Raymond advises teams on pragmatic roadmaps for strengthening authentication (MFA, passkeys/FIDO2, Windows Hello), improving governance, and operationalizing secure access at scale across cloud and on-prem environments. Beyond consulting, he serves as a board member and co-hosts the IT Bro's Podcast, sharing news and insights for identity and security professionals.

Guest Quotes

“In your tenant, you want to know what objects are in there, and it doesn't matter if those are users or groups or applications. You want to know what's in there so that you can keep track of what's going on.” - Raymond Comvalius

“There's a difference between an application and an agent. An agent is far more ephemeral. It does a job that requires some sort of permission. It spins up, it does its thing, and it spins down.” - Sander Berkouwer

Time stamps

00:45 Meet Sander Berkouwer and Raymond Comvalius: Microsoft Most Valuable Professionals (MVPs)
02:32 Importance of Entra Application Governance
12:29 How to Get Started with Application Governance
20:18 Understanding Entra Agent ID
26:59 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

- Connect with Sander on LinkedIn
- Connect with Raymond on LinkedIn
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis
In this week's episode, we look at recent Microsoft Tech updates. By popular request, we're expanding our scope beyond Azure to include Microsoft 365, Power Platform, and related Microsoft platforms and capabilities. What's new? What's interesting? What's retiring?

(00:00) - Intro and catching up.
(03:43) - Show content starts.

Show links
- Entra ID-based identities for Azure Blob Storage SFTP
- GA: Draft & Deploy on Azure Firewall
- Microsoft 365 E7 (and Agent 365)
- Azure Skills Plugin
- Defender for Cloud release notes
- Microsoft Sentinel what's new
- Defender XDR what's new
- Microsoft Entra releases and announcements
- AKS supported Kubernetes versions
- AKS security bulletins
- Give us feedback!
This episode features Krista Arndt, Associate CISO at St. Luke's University Health Network.With a career spanning healthcare, finance, crypto, and the Department of Defense, Krista brings a uniquely nontraditional path into cybersecurity, one shaped by mission-driven leadership, authenticity, and a commitment to mentorship.In this episode, Krista explains why identity sits at the center of nearly every major cyber incident and shares lessons from real-world response work. She also draws a striking parallel between incident response and her life as a national drag racing competitor, where staying calm under pressure and building in fail-safes can mean the difference between disaster and resilience.This episode is a powerful look at what it means to lead in cybersecurity.Guest Bio Krista Arndt is the Associate CISO SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day-to-day operational effectiveness. In her previous roles, Krista assisted with developing and leading security programs in crypto, finance, and the Department of Defense. Krista earned her Bachelor's Degree in Biology from Felician College in NJ where she was a scholarship athlete, serving as the women's basketball team captain. She also holds her CISM and CRISC certifications and NHRA competition driver's license.Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter's Healthcare Sector Chief, serves on Neumann University's Business Advisory Council and is Marketing Committee chair for Women in Cybersecurity-Delaware Valley Affiliate. Krista is also a published author, detailing her journey to embracing her unique authenticity in her book, “Permission to be Real; How to Lead, Influence, and Thrive Without Fitting the Mold". Through this service and her writing, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field. 
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

Guest Quote
“In the incidents that I've been involved in, major or not, I'll tell you—identity is at the crux of that... They're trying to get unfettered access… How do they get unfettered access? Through an identity that isn't secured correctly.”

Time stamps
00:45 Meet Krista Arndt: Veteran CSO
06:17 Writing Permission to Be Real
10:43 Speaking the Business Language: Why Security Translation Matters
12:49 Lessons from Real-World Incidents
15:43 AI Agents and the Next Wave of Identity Risk
16:55 What Drag Racing Teaches About Incident Response
23:28 Surviving the CISO Seat
26:44 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Krista on LinkedIn
Check out Krista's book: Permission to be Real
Learn more about St. Luke's University Health Network
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
This episode features Drew Russell, Identity Resilience Platform Owner at Rubrik. Jim McDonald and Jeff Steadman explore the intersection of backup, recovery, and identity security. Drew explains how Rubrik evolved from data backup into a cyber resilience platform with identity as a core pillar. Topics include recovering Active Directory, Okta, and Entra ID after ransomware, Rubrik's "bunker in a box" appliance for immutable air-gapped recovery, proactive posture management, CrowdStrike and Defender integrations, and where AI and non-human identities fit into Rubrik's roadmap. The episode wraps with measuring success for a product you hope to never use, and a detour into watch collecting.

This episode was made possible by the support of Rubrik. Learn more at rubrik.com/idac

Connect with Drew: https://www.linkedin.com/in/drew-russell-3762411b/
Learn more about Rubrik: https://www.rubrik.com/idac

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

TIMESTAMPS
00:00:00 - Welcome and Introduction
00:01:19 - Introducing Drew Russell
00:01:36 - How Drew Got Into Identity
00:02:43 - What Is Rubrik and What Sets It Apart
00:03:38 - From Backup to Cyber Resilience
00:05:31 - Where Rubrik Fits in the IAM Landscape
00:07:08 - Rubrik's Scale: Clients and Growth
00:07:51 - Primary Use Cases: Post-Incident Recovery and AD
00:09:09 - Kicking Out Compromised Accounts and ADR
00:10:11 - Proactive Threat Detection and Mandiant Integration
00:11:28 - Scanning Backups to Find the Clean Recovery Point
00:12:14 - The Bunker in a Box Explained
00:13:18 - Posture Management and Upstream Tool Integration
00:14:19 - AI Agent Swarms and the Future Attack Surface
00:15:37 - The Taiwan Bank Case Study: Six Weeks to Rebuild AD
00:17:16 - The State of Nevada Incident: $400K and 30 Days
00:17:56 - What Recovery Covers: AD, Okta, and Entra ID
00:19:26 - Post-Restore Change Management and Whitelisting
00:20:08 - How Long Should You Store Backups?
00:21:19 - Indexing Identity for Intelligent Recovery Points
00:22:29 - Excluding Malicious Actions During Restore
00:24:41 - Zero Trust for Rubrik's Own Backups
00:26:21 - No Windows, No Virtualization Architecture
00:27:49 - Proactive Posture Management
00:29:00 - CrowdStrike and Defender Real-Time Integration
00:30:48 - Why Tabletop Exercises Often Fall Short
00:31:53 - AI Roadmap and Non-Human Identities
00:34:22 - The Three Pillars: Data, Identity, and AI
00:35:29 - Deployment: SaaS vs. On-Prem
00:38:37 - Appliance Sizing and Redundancy
00:42:23 - Measuring Success for a Product You Hope to Never Use
00:43:46 - The Ludacris Rubrik Commercial
00:45:31 - Watch Collecting and the Omega Speedmaster
00:53:39 - Drew's Closing Words

KEYWORDS
Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, Rubrik, Drew Russell, identity resilience, cyber resilience, Active Directory recovery, AD backup, Okta recovery, Entra ID recovery, identity backup, ITDR, ISPM, non-human identity, NHI, agentic AI, ransomware recovery, bunker in a box, immutable backup, CrowdStrike integration, Microsoft Defender integration, Mandiant integration, identity disaster recovery, ADR, zero trust, tabletop exercises, posture management, IAM, identity security podcast, cybersecurity podcast
This episode features Cliff Fisher, Senior Solutions Architect at Semperis and former Senior Technical Program Manager on Microsoft's Active Directory product group.

With over a decade spent inside Microsoft supporting enterprise customers and helping guide Active Directory's security and roadmap, Cliff brings a rare insider perspective on what's actually happening behind the scenes of one of the world's most widely deployed identity platforms.

In this episode, Cliff tackles the question many organizations are still asking: Is Active Directory really going away? He explains why the shift to cloud identity has moved far slower than expected, shares polling data that confirms hybrid environments are here for the long term, and breaks down how Microsoft is still investing in AD through security hardening, supportability improvements, and features like Windows LAPS.

This episode offers a clearer look at why Active Directory remains central to enterprise identity and what defenders need to prepare for as hybrid becomes the default reality.

Guest Bio
With nearly 20 years of Active Directory experience across varied roles in system administration, support, debugging, and program management, Cliff spent over a decade at Microsoft supporting Premier and Unified customers and, most recently, managing the releases of Windows LAPS, new features for Server 2025, and monthly security and quality updates. In January of 2026, he joined Semperis, bringing his unique blend of skills, perspectives, and passion to their stacked roster of established identity experts.

Guest Quote
“The easiest way to get everyone secure is to get people all to the cloud. What [Microsoft] didn't realize... is that customers just aren't going to be able to absorb change at that rate, and especially at that cost. Shifting to the cloud is not cheap.”

Time stamps
01:45 Meet Cliff Fisher: Identity security expert
04:24 Microsoft's Vision for Active Directory
07:58 Challenges and Future of Active Directory
23:12 The Complexity of AD Code and Security Vulnerabilities
24:39 Understanding Fuzzing and Its Importance
27:28 Domain Join Hardening and Its Challenges
36:28 Windows LAPS and Future Security Measures
41:39 Why is RC4 Going Away?
45:14 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Cliff on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Submit your proposal to speak at HIP Conf 26: HIP Conf 26 Call for Papers Submission
This episode features Tim Beasley, a Senior Incident Response Consultant at Semperis with decades of experience in compromise recovery and post-breach response.

With a background that includes leading recovery efforts at Microsoft's DART team and helping build the Compromise Recovery Security Practice, Tim brings deep operational insight into what happens after attackers gain access. His work spans ransomware, nation-state intrusions, and large-scale identity compromises across public and private sector organizations.

In this episode, Tim explains why gaining access is only the beginning of modern attacks and why identity remains the primary path for escalation. He breaks down how attackers exploit credential exposure and identity infrastructure, and why prevention alone fails without a recovery-first mindset. He shares real-world lessons from incident response and recovery, including how teams contain threats and limit the impact of identity compromises.

This episode reframes identity security as a resilience problem and offers a clearer way to think about preparing for the breach you haven't detected yet.

Guest Bio
Tim Beasley is a Senior Incident Response Consultant at Semperis. He is Microsoft and VMware Certified, a MIS graduate, and a self-driven IT professional with experience in both public sector and private sector technology. While extremely loyal to employers, Tim has gained quality knowledge throughout a career that's enabled tremendous growth in an IT security environment. He enjoys challenges and implements proactive measures to maintain complete customer satisfaction and success.

Guest Quote
“Everything in compromise essentially starts with identity. We always say identity is the new perimeter. It's true. All attacks, breaches, every engagement that I've been a part of... all start with a compromised set of credentials.”

Time stamps
00:41 Meet Tim Beasley: Cybersecurity Specialist
01:32 Tim's Journey at Microsoft
12:24 The Role of Identity in Cybersecurity
20:57 Real-World Cybersecurity Identity Challenges
23:27 The Big Four in Identity Management
24:01 Flashcard Fiascos: Cyberattacks Across Industries
32:50 Assume Breach Mentality
37:08 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Tim on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Welcome to Episode 421 of the Microsoft Cloud IT Pro Podcast. In this episode Ben sits down for a conversation with Frank Lesniak, the lead of the Microsoft 365 team at West Monroe. They dive into the intricacies of mergers and divestitures within Microsoft 365 environments. They discuss the initial due diligence phase, planning and approach, building and configuring new environments, and the final migration and cutover phase. Frank shares insights on common challenges such as integration of different licensing models, the handling of workstations and applications, and the importance of security assessments. The episode provides a detailed look at the methodology and tools used by Frank's team to streamline these complex processes.

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes
- Frank Lesniak on LinkedIn
- West Monroe
- Frank Lesniak GitHub
- Microsoft 365 tenant-to-tenant migrations
- Microsoft 365 inter-tenant collaboration
- Tenant life cycle considerations in multitenant solutions

Frank Lesniak
Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe with nearly 20 years of experience leading consulting engagements involving Microsoft infrastructure technology. His expertise spans modern cloud systems like Azure, Microsoft 365, and Entra ID to classic platforms like Windows Server, Active Directory, and SQL Server. His recent focus has been on Microsoft platform cybersecurity and automating technical processes using PowerShell. In his role, Frank establishes technical project methodologies, leads teams, automates associated processes, and creates internal software products at West Monroe and in the open-source community.

About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
This episode features Dr. Mary Aiken, Professor of Cyberpsychology at Capitol Technology University and one of the world's leading experts on the impact of technology on human behavior.

With a career spanning academia, law enforcement advisory roles, and global policy work with organizations like INTERPOL and Europol, Dr. Aiken brings deep insight into how human psychology shapes security outcomes. Her work focuses on the human layer of cyber risk—how trust, perception, fatigue, and bias influence behavior in digital environments.

In this episode, Dr. Aiken explains why humans aren't the weakest link in cybersecurity but the most targeted. She shows how attackers weaponize human behavior through phishing, MFA fatigue, and insider recruitment, and why hybrid identity must be treated as a cyber-psychological battlefield. She also discusses what human-aware defenses look like in practice and why intelligence augmentation is critical to psychological and technical resilience.

This episode reframes identity security as a human problem first and offers a clearer way to think about protecting people in an increasingly manipulative digital world.

Guest Bio
Dr Mary Aiken is a world leading expert in Cyberpsychology – the study of the impact of technology on human behaviour. She is Professor of Cyberpsychology and Chair of the Department of Cyberpsychology at Capitol Technology University, Washington D.C.'s premier STEM University, and Professor of Forensic Cyberpsychology at the University of East London. Professor Aiken is a Member of the INTERPOL Global Cybercrime Expert Group and an Academic Advisor to Europol's European Cyber Crime Centre (EC3). She is a Fellow of The Royal Society of Medicine, a member of the Medico-Legal Society and an International Affiliate Member of the American Psychological Association (APA). She is a former Global Fellow at the Washington DC Wilson Center, and is a Fellow of the Society for Chartered IT Professionals. She is a former Director of the Royal College of Surgeons (RCSI) Cyberpsychology Research Centre. Dr Aiken's work inspired the CBS PrimeTime TV series 'CSI: Cyber.' Her landmark bestselling book 'The Cyber Effect' was a 2016 'Times book of the year.' Dr Mary Aiken is recognised as an international expert in industry and policy debates at the intersection of technology and human behaviour; she has been invited to present at events organised by global organisations such as the United Nations, the European Union, NATO, G7, Europol, INTERPOL and the White House.

Guest Quote
“People talk about humans being the weakest link in the cybersecurity equation. They're not the weakest link, they're just simply the most targeted link.”

Time stamps
01:58 Meet Dr. Mary Aiken: World-leading Expert in Cyberpsychology
03:17 The Psychology of Cybersecurity
10:40 Behavioral Differences Online vs. Real World
15:17 Cyber Behavioral Attack Vectors
23:05 Future of Cybersecurity: AI and Human Collaboration
25:46 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Dr. Aiken on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
This episode features Andy Drag, Staff Product Manager at Cohesity.

With a background in systems administration and two managed service provider startups, Andy brings deep, hands-on insight into the challenges IT teams face. Over the last decade, he's led product management across backup vendors and SaaS continuity platforms, shaping products around integrations, cyber recovery, and resilience.

In this episode, Andy shows how ransomware has changed the stakes for backup and identity, and why they must be treated as tier-zero systems. He explains how attackers now target backup platforms, what tighter roles, isolation, and immutability look like in practice, and why actually rehearsing recovery is more important than any architecture diagram.

This is a realistic look at whether your recovery plan will work in a real-world attack or only looks good on paper.

Guest Bio
Andrew Drag is a Staff Product Manager at Cohesity, focused on identity resilience and Microsoft enterprise applications. He began his career in systems administration before founding two local managed service provider startups, giving him deep, hands-on experience with the challenges IT teams face. Over the last decade, he has transitioned into product management, shaping products across legacy backup and recovery vendors as well as SaaS business continuity platforms with specific focuses on integrations, cyber recovery, and SaaS-ification. Drawing on this blend of practitioner insight and product leadership, he is passionate about building solutions that help organizations stay resilient in the face of change. Based in the New York metro area, he brings a practitioner's perspective to product leadership, ensuring technology solves real-world challenges.

Guest Quote
“One of the most important things is testing your recoveries. In a disaster, when you do a recovery, you don't want it to be the first time that you're performing that recovery.”

Time stamps
01:16 Meet Andrew Drag: Identity Resilience and Data Protection Expert
01:57 Why Traditional Data Protection Breaks Down
04:19 Modern Data Protection: From Backups to Resilience
05:47 The Hard Truth About Recovering After an Attack
08:43 Core Best Practices for Data Protection
10:32 Elevating Backup and Identity to Tier 0
13:23 Using Backup Data for AI and Analytics
16:22 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Andy on LinkedIn
Learn more about Cohesity
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
A new year - and so much to do! To start 2026, Richard flies solo again to discuss the issues he's seen on sysadmins' minds as we head into the new year. Obviously, AI is eating up a lot of the conversation from many different angles: tools that can help us be more productive, security issues in our organizations due to misuse, and now, AI-driven hacking. Security still looms large, and not just from an AI perspective - the latest round of supply chain attacks has led to litigation, putting new emphasis on making sure you're secure. Windows has a new leader, things are changing there, and there's the ongoing migration to the cloud. Does it still make sense? There seems to be more concern about data sovereignty than ever, and some meaningful conversations to have. Happy New Year!

Links
- Azure SRE Agents with Deepthi Chelupati
- Microsoft Purview
- The M365 Copilot Data Readiness Checklist with Nikki Chapple
- Querying for Breaches with Mark Morowczynski
- Managing Vendor Incidents with Mandi Walls
- Incident Management and the CrowdStrike event with Liam Westley
- Microsoft Intune
- Microsoft Entra ID
- Microsoft Defender for Endpoint
- Microsoft Entra ID Protection with Corissa Koopmans
- Windows Server 2025
- Upgrading to Windows Server 2025 with Robert Smit

Recorded December 20, 2025
In this episode, we take a look at three interesting - and free - tools to help you manage and secure Azure and Entra ID. We take each tool for a spin and reflect on the findings and usage.

(00:00) - Intro and catching up.
(03:15) - Show content starts.

Show links
- ScEntra
- azqr - Azure Quick Review
- EntraExporter
- Give us feedback!
Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous. He distinguishes between Disaster Recovery (business continuity for operational errors) and Cyber Resilience (recovering from a malicious attack where data and identity are untrusted).

Matt speaks about the "dirty secrets" of cloud-native recovery, explaining why S3 versioning and replication are not valid cyber recovery strategies. The conversation shifts to the critical, often overlooked aspect of Identity Recovery. If your Active Directory or Entra ID is compromised, it's "ground zero" and you can't access anything. Matt argues that identity must be treated as the new perimeter and backed up just like any other critical data source.

We also explore the impact of AI agents on data integrity: how do you "rewind" an AI agent that hallucinated and corrupted your data? Plus, practical advice on DORA compliance, multi-cloud resiliency, and the "people and process" side of surviving a breach.

Guest Socials - Matt's LinkedIn
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions:
(00:00) Introduction
(02:20) Who is Matt Castriotta?
(03:20) Defining Cyber Resilience: The Ability to Say "No" to Ransomware
(05:00) Why "I Have Backups" is Not Enough
(06:45) The Difference Between Disaster Recovery and Cyber Recovery
(10:20) Cloud Native Risks: Versioning and Replication Are Not Backups
(12:50) DORA Compliance: Multi-Cloud Resiliency & Egress Costs
(15:10) The "Shared Responsibility Model" Trap in Cloud
(17:45) Identity is the New Perimeter: Why You Must Back It Up
(22:30) Identity Recovery: Can You Restore Your Active Directory in Minutes?
(25:40) AI and Data: The New "Oil" and "Crown Jewels"
(27:20) Rubrik Agent Cloud: Rewinding AI Agent Actions
(29:40) Top 3 Priorities for a 2026 Resiliency Program
(33:10) Fun Questions: Guitar, Family, and Italian Food
This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.

With 15+ years in IT security, Chris has worked across Microsoft's security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He's now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.

In this episode, Chris explores the limitations of Active Directory security and how Microsoft's new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.

This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.

Guest Bio
For over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.

Guest Quote
“It's not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”

Time stamps
01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP
02:00 The Hybrid Identity Attack Playbook
06:03 Active Directory vs. Entra ID: The Security Gap
09:02 Breaking Down Global Secure Access
11:58 What This Looks Like for Real Users
16:17 Bringing Zero Trust to the Network Layer
17:50 What You Need to Deploy Global Secure Access
20:48 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Christopher on LinkedIn
Learn more about glueckkanja AG
Watch Christopher's talk at HIPConf 2025
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Podcast Description
In Episode 189 of The Citrix Session, host Bill Sutton, Director of Modern Workspace at XenTegra, is joined by Solutions Architects Stuart Donaldson and Randy Price for a deep dive into one of the most significant updates in modern Citrix authentication.

This episode unpacks Microsoft Entra ID Single Sign-On inside Citrix sessions and what it means for end users, admins, and the future of passwordless access. The team breaks down why FAS has become a layer of technical debt, how Entra ID SSO removes friction for users, and what prerequisites and limitations customers need to know before adopting it.

Listeners will learn:
• How Entra ID SSO eliminates duplicate authentication inside Citrix sessions
• Why Primary Refresh Token support is a major win for M365 user experience
• What environments are supported and where FAS is still required
• Operational considerations like Windows 11 requirements, VDA versions, and the impact on Auto Client Reconnect
• Known issues, performance implications, and what to expect in future iterations

If you support Citrix DaaS, modern authentication, or hybrid identity environments, this episode gives you a practical, expert-level overview of what Entra ID SSO unlocks and why it matters.

Technical Details can be found at: https://docs.citrix.com/en-us/citrix-daas/install-configure/session-authentication/entra-sso.html
Welcome to Episode 416 of the Microsoft Cloud IT Pro Podcast. In this week's episode, Ben finally has a chance to sit down with Henrik Wojcik. Henrik has been a long-time listener as well as a fellow Microsoft MVP in Security and we finally had the chance to sit down and record an episode together, something we've talked about doing for years. As they sit down and enjoy a sunny afternoon at Microsoft Ignite in San Francisco they discuss security in the financial sector, EU regulations (N2 and DORA), integrating Data Lake with Sentinel, optimizing log analytics, and the latest on Security Copilot and E5 licensing. They also spend some time chatting about some of their conference highlights, assisting as proctors in the hands-on labs, and the unique experience of Ignite in San Francisco.

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes
- Microsoft Ignite (with sessions on demand)
- Microsoft Ignite Book of News
- Catch up on Microsoft Security sessions and announcements from Ignite 2025
- Microsoft Sentinel benefit for Microsoft 365 E5, A5, F5, and G5 customers
- Learn about Security Copilot inclusion in Microsoft 365 E5 subscription
- Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
- What is Microsoft Sentinel data lake?
- KQL and the Microsoft Sentinel data lake

Henrik F. Wojcik
Henrik has worked in the IT industry since 2003. He's always had a passion for learning new technologies and expanding his knowledge through various means such as online courses, webinars, and reading up on the latest developments in the industry. Throughout his career, he's gained experience in various areas of IT, making him a true jack of all trades. However, his latest interests lie in the security space, modern workplace and management in Azure, with a particular focus on cyber security. He has experience working with products such as Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, Conditional Access, Microsoft Sentinel, and Microsoft Entra ID. His primary focus is on security on Azure workloads and identity (Entra ID). He prioritizes security awareness and believes that learning never stops, which is why he's always eager to expand his knowledge and skillset. In the past, he's also worked with various tools and technologies such as Cisco, Citrix, Dynamics AX, Exchange, ITIL, Azure, SCCM & SCOM, Scrum & Kanban, VMware, Windows Servers, and Windows Desktops.

About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
This episode features Daniel Stefaniak, Vice President Architect - Cybersecurity and Identity at JPMorgan Chase.

With deep experience as an IT architect, consultant, and technical program manager, Daniel has helped design and deploy large-scale IAM and CIAM solutions that support millions of users. He is widely recognized for his expertise in Active Directory and Entra ID and for bringing clear, unfiltered insight into some of the industry's toughest identity challenges.

In this episode, Daniel explains why attack path management is never a one-and-done effort, how to focus on the high-impact issues that matter most, and why success depends on dedicated ownership rather than tools alone.

This is an honest and practical look at what it truly takes to understand and manage attack paths in modern identity environments.

Guest Bio
Experienced IT Architect, Consultant, and Technical Program Manager specializing in Active Directory and Entra ID (Azure AD). A recognized industry leader in Identity and Access Management (IAM) and cybersecurity, with extensive expertise designing and deploying large-scale cloud-based IAM and CIAM solutions supporting millions of users.

Former Microsoft Program Manager, instrumental in driving technical content, readiness, and enterprise adoption of Azure AD. Proven ability to lead end-to-end project lifecycles, align security strategies with regulatory requirements, and design robust directory and identity federation solutions.

Guest Quote
“You cannot be an active directory admin or an architect owner of the service, and run an attack path management program on the side. You need a dedicated team to do it.”

Time stamps
01:05 Meet Daniel Stefaniak: The IAM Guy
02:08 The Insanity of Attack Path Management
03:27 Challenges and Realities of Attack Path Management
07:57 Choosing the Right Tools
10:32 Implementing Effective Attack Path Management
12:50 Using OKRs in Tech Path
14:50 Team and Resource Requirements
16:20 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Daniel on LinkedIn
Learn more about JPMorgan Chase
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update
New legislation targets scammers that use AI to deceive
ASUS firmware patches critical AiCloud vulnerability

Huge thanks to our episode sponsor, KnowBe4
Cybersecurity isn't just a tech problem—it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

Find the stories behind the headlines at CISOseries.com.
Welcome to Episode 415 of the Microsoft Cloud IT Pro Podcast. Ben and Scott discuss the major announcements from Microsoft Ignite 2025, focusing on the dominant themes of AI agents and security. The conversation centers on three key areas: Security Copilot updates, Agent 365 for governance, and the broader security and management implications for IT professionals.
Key Discussion Topics
Security Copilot Expansion to E5 Customers
- 12 new Security Copilot agents coming to Defender, Entra, Intune, and Purview
- 30+ partner agents being added to the ecosystem
- Major announcement: Security Copilot will now be available to all Microsoft 365 E5 customers
- Rollout begins with Frontier program (Microsoft's insider ring for Copilot)
- Expanding in coming months to all E5 customers
- Security Copilot spans four pillars:
  - Security Operations (Defender + Sentinel)
  - Data Security (Purview)
  - Identity & Access (Entra)
  - Endpoint Management (Intune)
Microsoft Agent 365 - The Control Plane for Agents
- Addresses the critical problem of agent sprawl and governance
- Think of it as "Entra ID for AI agents"
- Core capabilities:
  - Registry: Complete inventory of all agents (registered, unregistered, and shadow agents)
  - Access Control: Conditional access policies and risk-based policies for agents
  - Monitoring: Real-time visibility into agent behavior, performance, and organizational impact
  - Security Integration: Defender protection, Purview data governance
- Key governance features:
  - Approve pending agent requests
  - Identify ownerless agents
  - Apply DLP policies to agents
  - Conditional access for agents
  - Secure score for agents
- Available now through Frontier program in Microsoft 365 admin center
Overarching Themes
- Agent security is the new frontier: All major product announcements (Purview, Entra, Defender) are focused on agent governance
- 100 trillion daily signals inform Microsoft's threat intelligence
- Ignite's evolution: Less about big product launches, more about storytelling and connecting features released throughout the year
- IT Pro focus: Understanding, managing, and securing AI agents is becoming a core competency
Key Observations
- Ignite 2025 is heavily focused on AI and security - limited announcements for traditional products like SharePoint, Teams, or Loop
- The shift reflects Microsoft's rapid release cadence in the cloud era
- Agent sprawl is real and Microsoft is proactively addressing governance needs
- IT professionals need to embrace this change: "The only way out is through"
Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes. About the sponsors: Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
In this milestone 200th episode of The PowerShell Podcast, Frank Lesniak returns to chat with Andrew Pla about automation, community, and what it means to “bet on yourself.” Frank shares his experiences leading cybersecurity and enterprise architecture projects, using PowerShell for AWS security automation, and developing tools to simplify complex data exports. He also discusses the upcoming PowerShell Summit, his work with DuPage Animal Friends, and the value of giving back through mentorship, community involvement, and open source. Key Takeaways: PowerShell in the cloud – Frank dives deep into AWS automation and explains how PowerShell can simplify security and configuration management at scale. From console to community – After years of speaking and mentoring, Frank emphasizes how collaboration and consistent effort lead to career growth and confidence. Giving back through leadership – As VP of DuPage Animal Friends, Frank highlights the power of using your professional skills for good beyond tech. Guest Bio: Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where he leads a 45-member team focused on Microsoft's M365/Modern Work platform. His team specializes in navigating the technical complexities of corporate M&A, executing at-scale divestitures and integrations centered on Azure, Microsoft 365, Entra ID, Active Directory, and Windows. An active contributor to the tech community, Frank is a published author, open-source contributor, and a frequent speaker at conferences and user groups on topics including PowerShell, artificial intelligence, and offbeat technical talks related to his hobbies. In his local community, he serves as the Vice President of DuPage Animal Friends, a non-profit dedicated to supporting DuPage County's sole open-admission animal shelter. 
Resource Links:
Connect with Frank - https://linktr.ee/franklesniak
Frank Lesniak on X (Twitter) – https://x.com/FrankLesniak
Frank on LinkedIn – https://linkedin.com/in/flesniak
Connect with Andrew - https://andrewpla.tech/links
DuPage Animal Friends – https://dupageanimalfriends.org
Previous Podcasts with Frank - https://powershellpodcast.podbean.com/?s=Frank%20Lesniak
PowerShell Wednesdays – YouTube Playlist
PDQ Discord (PowerShell Scripting Channel) – https://discord.gg/PDQ
PowerShell Summit OnRamp Scholarship – https://www.powershellsummit.org/on-ramp/
The PowerShell Podcast on YouTube: https://youtu.be/cQvs5s3T1DA
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Unnatural European Fridges
03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-22
04:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence
51:41 - Story # 3: Verified Steam game steals streamer's cancer treatment donations
57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) malicious NPM packages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
On this week's show Patrick Gray and special guest Rob Joyce discuss the week's cybersecurity news, including:
- Secret Service raids a SIM farm in New York
- MI6 launches a dark web portal
- Are the 2023 Scattered Spider kids finally getting their comeuppance?
- Production halt continues for Jaguar Land Rover
- GitHub tightens its security after Shai-Hulud worm
This week's episode is sponsored by Sublime Security. In this week's sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform. This episode is also available on YouTube.
Show notes
- U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
- MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
- One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
- Github npm changes
- Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
- Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
- When “Goodbye” isn't the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
- UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
- Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
- Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
- DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
- vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
- JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% | The Record from Recorded Future News
- Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
- New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
- AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-349
A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry's biggest players opt out of MITRE's 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient's donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider's web. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites. Selected Reading EU cyber agency says airport software held to ransom by criminals (BBC News) Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop) Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer) Stellantis says a third-party vendor spilled customer data (The Register) Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek) AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead) Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine) Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer) CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing) ‘I Was a Weird Kid': Jailhouse Confessions of a Teen Hacker (Bloomberg) Share your feedback. 
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered Join host David Shipley for today's cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft's critical Entra ID vulnerability, a cyber attack crippling major European airports, the rise of SpamGPT targeting phishing operations, and the alarming zero-click flaw in OpenAI's deep research agent. Hear about Canadian Police's big win against the shadowy Trade Ogre crypto platform and their $40 million asset seizure. Buckle up for a reality check on the evolving cyber threats and their impact on global security. 00:00 Introduction and Overview 00:55 Microsoft's Extinction Level Vulnerability 05:19 European Airports Cyber Attack 08:20 SpamGPT: AI for Cyber Criminals 09:53 Shadow Leak: Zero Click AI Vulnerability 12:09 Trade Ogre Takedown 14:50 Conclusion and Upcoming Events
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
CTRL-Z DLL Hooking: Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries. https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294
Global Admin in every Entra ID tenant via Actor tokens: As part of September's Patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema, has published a blog post showing how this vulnerability could have been exploited. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242: WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
NVidia Triton Inference Server: NVIDIA patched critical vulnerabilities in its Triton Inference Server. https://nvidia.custhelp.com/app/answers/detail/a_id/5691
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- CISA warns about the path from on-prem Exchange to the cloud
- Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
- Everyone and their dog seems to have a shell in US Federal Court information systems
- Google pays $250k for a Chrome sandbox escape
- Attackers use javascript in adult SVG files to … farm facebook likes?!
- SonicWall says users aren't getting hacked with an 0day… this time.
This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together. This episode is also available on Youtube.
Show notes
- CISA, Microsoft issue alerts on ‘high-severity’ Exchange vulnerability | The Record from Recorded Future News
- Advanced Active Directory to Entra ID lateral movement techniques
- Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
- Cartels may be able to target witnesses after major court hack
- Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks’ | The Record from Recorded Future News
- Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
- DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive
- Buttercup is now open-source!
- HTTP/1.1 must die: the desync endgame
- US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News
- North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News
- Adult sites are stashing exploit code inside racy .svg files - Ars Technica
- Google pays 250k for Chromium sandbox escape
- SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive
- Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News
- Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News
- Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED
- Malware in Open VSX: These Vibes Are Off
- How attackers are using Active Directory Federation Services to phish with legit office.com links
- Introducing our guide to phishing detection evasion techniques
- The State of Attack Path Management
Cloudflare says yesterday's widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan, one of Dave's Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. 
Selected Reading Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer) Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News) Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer) TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek) 270K websites injected with ‘JSF-ck' obfuscated code (SC Media) Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine) SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek) Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer) Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek) CISA Releases Ten Industrial Control Systems Advisories (CISA) Trump team leaks AI plans in public GitHub repository (The Register)